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MEMORANDUM FOR UNDER SECRETARY OF DEFENSE (COMPTROLLER) 
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SUBJECT: Audit Report on Hotline Allegations Concerning a Request for Proposal 
for the Defense Message System (Report No. 95-084) 


We are providing this final report for your information and use. The audit was . 
made in response to a complaint to the Defense Hotline regarding the request for 
proposal for the Defense Message System. Management comments on a draft of this 
report were considered in preparing the final report. The comments conformed to the 
requirements of DoD Directive 7650.3, and no further comments are required. 

The courtesies extended to the audit staff are appreciated. If you have questions 
on this audit, please contact Ms. Mary Lu Ugone, Audit Program Director, at 
(703) 604-9529 (DSN 664-9529) or Mr. Mickey Lynn, Audit Project Manager, at 
(703) 604-9547. The distribution of this report is listed in Appendix G. The audit 
team members are listed inside the back cover. 


BavuL JhliAAMAu 


David K. Steensma 
Deputy Assistant Inspector General 
for Auditing 



Office of the Inspector General, DoD 


Report No. 95-084 January 26,1995 

(Project No. 4RE-8016) 

HOTLINE ALLEGATIONS CONCERNING A REQUEST FOR 
PROPOSAL FOR THE DEFENSE MESSAGE SYSTEM 


EXECUTIVE SUMMARY 


Introduction. The purpose of the Defense Message System (DMS) is to provide 
writer-to-reader organizational and individual message service to all DoD users, 
including deployed tactical users, and connection to other Government, allied, and 
Defense contractor users as needed. DMS, a system estimated to have an acquisition 
cost of about * and a life-cycle cost of about * , will service about * customers by the 
year 2000. In March 1994, the Assistant Secretary of Defense (Command, Control, 
Communications, and Intelligence) designated the DMS a major automated information 
system and authorized release of the DMS request for proposal to contractors. The 
Defense Hotline received allegations in May 1994 that the DMS request for proposal 
contained major flaws. 

Objective. The objective of the audit was to determine the validity of allegations made 
to the Defense Hotline related to the request for proposal for the DMS. Specifically, 
the allegations relate to three categories: the cost of DMS was understated, the 
required multilevel security environment was not defined, and future requirements were 
not identified in the request for proposal. 

Audit Results. We did not substantiate allegations concerning the multilevel security 
environment or future requirements for DMS. The allegation that the cost of the DMS 
was understated had merit. 

DoD acquisition policy was not followed for development of the DMS. As a result, 
award of the DMS contract for system development and installation was planned before 
the Major Automated Information System Review Council reviewed the cost and 
benefits of the DMS and provided the milestone decision to proceed into development. 
Details are in Part II, and Appendix C, Part III, provides the specific allegations and 
the audit results pertaining to each allegation. 

Internal Controls. We did not review the internal management control program for 
the DMS because we limited the scope of the audit to the specific allegations. 
Nonetheless, the audit identified a material noncompliance in that DoD acquisition 
policy internal controls was not followed for development of the DMS. The material 
noncompliance is discussed in Part II. 


* Acquisition-Related data removed. 



Potential Benefits of Audit. About $684,000 (see Appendix E) could be put to better 
use if DoD recovers the cost of a Government-furnished microchip. Other potential 
monetary benefits are undeterminable until the recommendation on program costs is 
implemented. Further, implementation of the recommendations will ensure that DoD's 
investment in DMS is cost-effective. 

S ummar y of Recommendations. We recommend delay of approval to award the 
DMS contract until the Major Automated Information System Review Council has 
reviewed and validated program cost data for completeness and accuracy. Further, we 
recommend a Milestone II review for the DMS program and that funding be withheld 
for the DMS until program costs and cost-benefit analyses are reviewed and validated. 

We further recommend correction of DMS cost data to reflect the cost of the 
Government-furnished microchip and the costs to upgrade the baseline system as an 
alternative to the baseline system. Additionally, we recommend establishing controls to 
recover the cost of the microchip when DMS equipment is sold to non-DoD agencies. 

Management Comments. The Assistant Secretary of Defense (Command, Control, 
Communications, and Intelligence) planned to award the contract, * . Additionally, on 
December 8, 1994, the Major Automated Information System Review Council 
reviewed the proposed contract award for the DMS; the resultant System Decision 
Memorandum established requirements before the Milestone III review. Further, 
management agreed to include the cost of the Government-furnished microchip in the 
DMS cost, but did not agree to show the costs to upgrade the baseline system as an 
alternative to the baseline system. Additionally, management agreed to establish 
controls to ensure cost recovery of the microchip. Management comments are 
discussed in Part II, and the complete texts of the comments are in Part IV. 

Audit Response. After the draft report was issued on November 10, 1994, we met 
with representatives of the Under Secretary of Defense (Comptroller), the Director, 
Program Analysis and Evaluation, the Assistant Secretary of Defense (Command, 
Control, Communications, and Intelligence), and the Defense Information Systems 
Agency. As a result of several meetings, we no longer objected to award of the 
contract * and cost risk to the Government was minimized during the period that cost 
estimates are completed and validated and that the DMS program is reviewed by the 
MAISRC. Management’s actions meet the intent of the recommendations. Regarding 
management's disagreement with showing costs to upgrade the baseline system as an 
alternative to the baseline system, we are deferring to the Office of the Director, 
Program Analysis and Evaluation, to determine appropriate treatment of those costs 
during the review and validation of DMS program costs. 


* Acquisition-Related data removed. 
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Introduction 


Background 


DMS Purpose and Cost. The Defense Message System (DMS) consists of 
hardware, software, procedures, standards, facilities, and support personnel to 
exchange messages electronically. The purpose of the DMS is to provide 
writer-to-reader organizational and individual message service to all DoD users, 
including deployed tactical users, and to connect to other Government, allied, 
and Defense contractor users as needed. When fully implemented, DMS will 
process messages at all security levels. The primary objective of DMS is to 
reduce cost and staffing. The secondary objective is to improve message 
security and service. DMS will cost about * to acquire and will service about * 
customers by the year 2000. 

Transition from Baseline System to Target Architecture. The DMS will 
transition from the baseline system 1 to its target architecture in 2008. The DMS 
baseline system consists of the Automatic Digital Network (AUTODIN), which 
processes organizational messages, and individual electronic mail processed via 
the DoD Internet. DMS will connect with the Defense Information Systems 
Network to provide worldwide message transfer capability. Detailed 
information on the DMS initiative and a diagram depicting the DMS writer-to- 
reader messaging service are in Appendix A. 

DMS Request for Proposal. On March 16, 1994, the U.S. Air Force Standard 
System Center, in coordination with the Defense Information Systems Agency 
(who is responsible for managing DMS) released the DMS request for proposal 
(RFP). The RFP: 

o provides for hardware and software products, training, maintenance, 
integration, and implementation services to support DMS requirements; 

o states that to the maximum extent practical, DMS products should be 
commercial off-the-shelf; and 

o provides an initial contract period of 2 years, with six 1-year options. 

The estimated date of contract award was December 17, 1994.^ Cost for the 
first year of the contract was about * . 


* Acquisition-Related data removed. 


baseline system configuration as of September 1989. 

2 A system established in the 1960s to provide secure, automated store-and- 
forward message service for the DoD. 

3 Contract award is now anticipated for February or March 1995. 
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Introduction 


Designation of DMS as a Major Automated Information System. In 
March 1994, the Assistant Secretary of Defense (Command, Control, 
Communications, and Intelligence) designated the DMS a major automated 
information system (AIS) subject to review by the Major Automated 
Information Review Council (MAISRC). Appendix B defines a major AIS and 
describes the major AIS life-cycle management review process. 

DoD Policy for Major Automated Information Systems. Policy and 
procedures for the fife-cycle management of major AISs are in DoD 
Directive 8120.1, "Life-Cycle Management of Automated Information 
Systems," January 14, 1993, and DoD Instruction 8120.2, "Automated 
Information Systems Life-Cycle Management Process, Review, and Milestone 
Approval Procedures," January 14, 1993. 

DoD Directive 8120.1 states, in part, that it is DoD policy to: 

o Control expenditures on the AISs to ensure that derived benefits 
satisfy mission needs ... in the most cost-effective manner . . ., 

o Use life-cycle management review and milestone approval 
procedures to ensure that all AIS programmatic decisions are based on 
approved functional requirements and the total anticipated benefits 
that are expected to be derived over the life of the AIS. 

o Ensure that no funds are obligated for any AIS, in support of an 
area that has not successfully completed . . . management reviews . . . 
described in DoD Instruction 8120.2 . . ., and 

o Structure all program actions, especially solicitations and contract 
requirements, to allow adequate time for required reviews. 


Objective 


The objective of this audit was to determine the validity of the Hotline 
allegations related to the RFP for the DMS. Specifically, we reviewed 
allegations that the RFP contained major flaws. The allegations related to three 
categories: the cost of DMS was understated, the required multilevel security 
environment was not defined, and future requirements were not stated in the 
RFP. The audit did not substantiate allegations concerning the multilevel 
security environment or future DMS requirements. Appendix C details the 
specific allegations and audit results pertaining to each allegation. 


Scope and Methodology 


We reviewed the Defense Message System RFP dated March 16, 1994, 
including amendment 0001 issued May 6, 1994, and amendment 0002 issued 
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May 16, 1994. We reviewed program management and cost documents dated 
from August 1988 to September 1994. We also reviewed cost data that will be 
used to prepare the cost documents listed in Appendix D. Additionally, we 
interviewed personnel from the office of the Assistant Secretary of Defense 
(Command, Control, Communications, and Intelligence) and the program 
manager's office. We also interviewed personnel from the National Security 
Agency because the agency is developing the DMS message security device. 

This economy and efficiency audit was performed from July 1994 to 
October 1994 in accordance with auditing standards issued by the Comptroller 
General of the United States as implemented by the Inspector General, DoD. 
The audit did not include tests of internal controls because the audit was limited 
to the hotline allegations. We did not rely on computer-processed data or 
statistical sampling to achieve the audit objectives. Appendix F lists 
organizations visited or contacted during the audit. 


Internal Controls 


We did not review the internal management control program for the DMS 
because we limited the scope of our audit to the specific allegations. 

The audit identified a material noncompliance with DoD acquisition policy 
internal controls. Specifically, the MAISRC did not conduct a Milestone n 
review to authorize award of the DMS Phase 1 contract. 

Recommendation l.b. in this report, to which responsive action has already 
been taken, will assist in correcting the noncompliance. No monetary benefits 
will be realized by implementing the recommendation. Part II of the report 
discusses the material noncompliance in detail. A copy of the report will be 
provided to the senior official responsible for internal controls within the 
Department of Defense. 


Prior Audits and Other Reviews 


There has been no prior audit coverage of the Defense Message System. 


Other Matters of Interest 


The DMS Program Manager has employed an acquisition strategy of using 
international messaging standards and protocols (a set of rules or procedures 
commonly agreed upon by industry-wide committees on information 
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technology) and of encouraging industry development of commercial off-the- 
shelf products that use those standards and protocols to meet program 
requirements. DMS uses the international X.400 message handling system and 
X.500 directory service standards and protocols to meet mission requirements. 
DISA plans for the DMS to support individual and organizational messaging 
requirements by influencing commercial developers to integrate those standards 
and protocols into their electronic mail software. 

DISA has established a process to certify commercial software applications for 
use on the DMS system. That certification encourages competition in the 
development of commercial off-the-shelf products. Any software developer, 
not just those under contract to develop the DMS, may submit software for 
DMS certification. 
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Part II - Finding and Recommendations 


Oversight of the Defense Message System 

DoD acquisition policy was not followed for development of the Defense 
Message System, which has estimated total acquisition costs of * and 
life-cycle costs of * . Noncompliance with acquisition policy occurred 
because: 

o the Major Automated Information Systems Review Council did 
not plan to conduct a Milestone II review to authorize award of the DMS 
Phase 1 contract, and 

o the DMS Program Manager did not prepare and submit 
program cost documents to the Director, Program Analysis and 
Evaluation, for review and validation. 

Without a MAISRC review to provide reasonable assurance that the 
Defense Message System will satisfy mission needs in the most cost- 
effective manner, award of the Defense Message System Phase 1 
contract for * will be premature. 


Background 


Purpose of the MAISRC. The MAISRC reviews the life-cycle management 
for major automated information systems. The MAISRC is composed of the 
Chair, members, an Executive Secretary, and staff. The MAISRC, as the 
senior advisory body to the milestone decision authority, provides advice on 
program readiness to proceed into the subsequent life-cycle management phases. 
The Assistant Secretary of Defense (Command, Control, Communications, and 
Intelligence) is the milestone decision authority. 

Life-Cycle Management Process. The life-cycle management process provides 
for two types of reviews conducted by the MAISRC, a milestone review and an 
in-process review. The primary difference between the reviews is that DoD 
Instruction 8120.2 requires specific actions before, during, and after a milestone 
review, whereas an in-process review examines specific issues between 
milestones. 


* Acquisition-Related data removed. 
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Oversight of the Defense Message System 


Milestone Reviews. The purpose of the milestone review is to: 

o evaluate the completion of the minimum required life-cycle 
management accomplishments and exit 4 criteria, 

o recommend movement to the next phase, and 

o recommend exit criteria for the next milestone review. 

In-Process Reviews. The MAISRC conducts in-process reviews 
between milestones to examine specific issues. The milestone decision authority 
may require an in-process review of a major AIS program at any time. The 
purpose of the in-process review is to determine: 

o current program status, 

o progress since the last review, 

o program risks, and 

o potential program problems. 


MAISRC Oversight of the Defense Message System 


DMS Life-Cycle Management Phase. An Assistant Secretary of Defense 
(Command, Control, Communications, and Intelligence) memorandum, dated 
March 2 1994, states that the DMS met the thresholds of a major automated 
information system and was therefore subject to oversight by die MAISRC. 
The memorandum established the DMS program status as post-Milestone I and 
approved release of the DMS request for proposal. The memorandum directed 
DISA to present the DMS program to the MAISRC for a Milestone II review 
before award of the contract. 

Guidance for MAISRC Milestone Review. Even though the Assistant 
Secretary of Defense (Command, Control, Communications, and Intelligence) 
directed that DMS undergo a MAISRC Milestone II review, which was 
scheduled for October 1994, the Milestone II was changed to an in-process 
review. Milestone III, the first milestone review for the DMS program, is 
scheduled for third quarter, FY 1996, after contract award. 

The objectives of the in-process review did not include the costs and benefits of 
DMS, which is contrary to policy in DoD Directive 8120.1. The objectives of 
the October 1994 in-process review were to: 


Specific program criteria must be accomplished before proceeding to the next 
milestone review. 

5 The DMS in-process review was held on December 8, 1994 
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Oversight of the Defense Message System 


o ensure the DMS program has an appropriate management structure 
and a technical and acquisition approach, 

o ensure the DMS is capable of satisfying validated requirements, and 

o approve award of the DMS contract. 

DoD acquisition policy states that a MAISRC milestone review will be 
conducted to authorize expending resources for the development phase. 
Further, conducting a milestone review ensures that all MAISRC members 
attend the review. Because the scope of an in-process review may be limited to 
a specific issue, the MAISRC Chair may request that only selected MAISRC 
members attend an in-process review. 


DMS Cost Estimates for MAISRC Review 


DoD Requirements for Determining Cost-Effectiveness. An independent 
review and validation of program cost estimates and cost-benefit analyses are 
essential for determining the cost-effectiveness of an AIS. Further, DoD 
Instruction 8120.2 states that, for all AISs designated for MAISRC oversight, 
the Assistant Secretary of Defense (Program Analysis and Evaluation) (now the 
Director, Program Analysis and Evaluation) shall 


. . . review and validate, at appropriate life-cycle management 
reviews, the AIS program cost estimates, life-cycle cost estimates, 
independent cost estimates, benefit analyses, and functional economic 
analyses. 

Preparation and Validation of DMS Cost Estimates. DoD policy is to 
structure contract solicitations to allow adequate time for required reviews. 
However, the DMS contract is planned to be awarded before the DMS costs and 
benefits are fully validated. 

The Director, Program Analysis and Evaluation, has not reviewed and validated 
DMS cost estimates because the Program Office has not completed preparation 
of all cost documents. The cost analysis requirements description, life-cycle 
cost estimate, and independent cost estimate will be available only in draft form 
for the in-process review. The final cost analysis requirements description is 
not projected to be ready until the second quarter FY 1995. The life-cycle cost 
estimate and the independent cost estimate will not be in final form until the 
third quarter FY 1995. Appendix D shows the cost documentation the DMS 
Program Office plans to provide for the MAISRC in-process review and 
Milestone III review. 

The DMS Quarterly Major Automated Information System Status Report, 
June 30, 1994, states that the Office of Program Analysis and Evaluation 
approved submission of the program cost documents in draft form for the 
in-process review and will validate the approach, methodology, and cost 
element structure for the draft estimates. Validation of only the approach, 
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Oversight of the Defense Message System 


methodology, and cost element structure is inconsistent with the requirements of 
DoD Instruction 8120.2. Further, as discussed below, the validation process 
should identify and correct any significant errors in the cost of the baseline 
system. 

Cost of the Baseline System. In preparing the cost of the existing baseline 
system (AUTODIN) for the DMS Business Plan, September 1993, DISA 
incorrectly categorized about * in DMS transition costs as baseline system costs. 
Those costs are actually costs to the Military Departments for upgrading the 
AUTODIN (see table below). 

Costs to Upgrade the AUTODIN 

Cost Cost 

_ Element _ (millions) * 


Procurement 

Operations and Maintenance 
Staff Costs 
Total 


Costs for upgrading are more appropriately categorized as an alternative to 
AUTODIN rather than as baseline system costs. Accordingly, we concluded 
that the cost of the baseline system is overstated by about * . 


Government-Furnished Equipment Costs Not Included in 
DMS Life-Cycle Costs 


DoD Directive 8120.1 states that Government-furnished equipment and services 
obtained to implement the AIS shall be included in program and life-cycle costs. 
The DMS Program Office has not included the cost of Government-furnished 
microchips * in DMS program costs. 

The microchip is the major component in the Tessera Cryptographic Card, the 
DMS message security device developed and procured by the National Security 
Agency. The National Security Agency awarded a firm fixed-price, indefinite 
delivery/indefinite quantity contract on April 28, 1994, for production of the 
Tessera card. A maximum of * cards can be procured from the contract. 


* Acquisition-Related data removed. 
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By excluding the cost of * each for the Govemment-fumished microchip, DMS 
costs could be understated by as much as * if all * cards are ordered. More 
important, the costs will be understated by as much as $190 million when the * 
user population is attained. 

Further, the RFP states that other Federal agencies can purchase equipment and 
services from the DMS contract. Purchases by non-DoD agencies are limited to 
10 percent of the total estimated contract value over the life of the contract as 
determined at the time of contract award. DMS equipment requires the Tessera 
cryptographic card for each user. If 10 percent of the * Tessera cards are 
ordered by non-DoD agencies, $684,000 (see Appendix E) will be expended for 
non-DoD support. Unless controls are put in place to verify full recovery of the 
cost of the Govemment-fumished microchip in the Tessera card, the DoD will 
be subsidizing * for each card sold to a non-DoD agency. 


Summary 


The March 1994 Assistant Secretary of Defense (Command, Control, 
Communications, and Intelligence) memorandum designated the DMS a major 
AIS subject to MAISRC review and directed a Milestone II review before award 
of the DMS contract. Instead, the MAISRC planned an in-process review to 
approve the contract award, and a DMS milestone review will not occur until 
September 1995 when a Milestone III review is scheduled. 

An in-process review that does not outline specific requirements before a 
Milestone III review is inappropriate for approval of the award of the DMS 
contract. Additionally, DMS program cost-benefit analyses have not been 
validated as required by DoD policy. Further, the cost of the baseline system is 
overstated, and DMS program costs do not contain the cost of Govemment- 
fumished microchips used in the Tessera cryptographic card. 


Recommendations, Management Comments, and Audit 
Responses 


1. We recommend that the Assistant Secretary of Defense (Command, 
Control, Communications, and Intelligence): 


* Acquisition-Related data removed. 


12 





Oversight of the Defense Message System 


a. Delay approval to award the Defense Message System 
development contract until program cost data are reviewed and validated 
for completeness and accuracy. 

b. Require a Major Automated Information Systems Review 
Council Milestone II review of the Defense Message System program. The 
review should include establishment of a program baseline, validation of 
program costs and cost-benefit analyses, documentation requirements, and 
exit criteria that must be met before the Milestone in review. 

Management Comments. The Assistant Secretary of Defense (Command, 
Control, Communications, and Intelligence) (the Chair of the MAISRC) stated 
that the contract for the DMS should be awarded, * . Additionally, the 
Assistant Secretary stated that on December 8, 1994, the MAISRC conducted an 
in-process review of the DMS rather than a Milestone II review and that the 
resultant System Decision Memorandum established the requirements before the 
Milestone III review. * and provide subsequent direction regarding DMS 
implementation. The comments also pointed out that the distinction between a 
milestone and an in-process review is increasingly difficult to make, particularly 
for information systems that are composed of nondevelopmental items and are 
incremental or evolutionary in nature. Because automated information systems 
do not readily fit into traditional life-cycle phases and milestones, the 
thoroughness of MAISRC reviews will be dictated by the program decision 
under consideration rather than by milestone designation. The complete text of 
management comments is in Part IV of the report. 

Audit Response. After the draft report was issued on November 10, 1994, we 
met with representatives of the Under Secretary of Defense (Comptroller), the 
Director, Program Analysis and Evaluation, the Assistant Secretary of Defense 
(Command, Control, Communications, and Intelligence), and the Defense 
Information Systems Agency. As a result of several meetings, we no longer 
objected to award of the contract * and cost risk to the Government was 
minimized during the period that cost estimates are completed and validated and 
that the DMS program is reviewed by the MAISRC. Therefore, we consider 
management comments responsive to the recommendation. Further, we 
recognize that the Assistant Secretary of Defense (Command, Control, 
Communications, and Intelligence) is revising the major automated information 
system review process. Our comments on the review process will be presented 
in an audit report to be issued under Project No. 4RE-5025.01, "Oversight 
Process of the Major Automated Information System Review Council." 


* Acquisition-Related data removed. 
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2. We recommend that the Under Secretary of Defense (Comptroller) * for 
the Defense Message System until the Director, Program Analysis and 
Evaluation, reviews and validates program costs and cost-benefit analyses 
and a Milestone n review is held. 

Management Comments. The Under Secretary of Defense (Comptroller) 
planned to release funds for contract award subject to the provisions of the 
System Decision Memorandum, which the MAISRC issued after the 
December 8, 1994, in-process review. The Under Secretary's comments are in 
Part IV of the report. The Assistant Secretary of Defense (Command, Control, 
Communications, and Intelligence) commented that * . 

Audit Response. The Under Secretary’s comments meet the intent of the 
recommendation. 

3. We recommend that the Director, Defense Information Systems Agency, 
correct Defense Message System cost data to include the cost of 
Government-furnished equipment and to show the costs to upgrade the 
baseline system as an alternative to the baseline system. 

Management Comments. The Assistant Secretary of Defense (Command, 
Control, Communications, and Intelligence) provided a consolidated response 
for the Directors, Defense Information Systems Agency and National Security 
Agency. The Assistant Secretary concurred with including the cost of 
Government-furnished equipment as part of the DMS cost data, but 
nonconcurred with showing costs to upgrade the baseline system as an 
alternative to the baseline system. While recognizing that labeling the upgrade 
costs as transition costs instead of baseline costs may have been misleading, the 
Assistant Secretary stated that treating the transition costs as an alternative to the 
baseline system was inappropriate because the costs do not satisfy the validated 
requirements of the DMS. 

Audit Response. Management comments on the costs of Government-furnished 
equipment are responsive. However, we defer to the Office of the Director, 
Program Analysis and Evaluation in determining the appropriate treatment of 
the * in costs. Whether costs to upgrade the baseline system should be shown 
as costs of an alternative to the baseline system should be decided as part of the 
Office of the Director of Program Analysis and Evaluation review and 
validation of DMS program costs. 

4. We recommend that the Director, National Security Agency, in 
conjunction with the Director, Defense Information Systems Agency, 
establish controls to recover the cost of the microchip in the Tessera card 
when Defense Message System equipment is sold to non-DoD organizations. 


* Acquisition-Related data removed. 
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Management Comments. In the consolidated response, the Assistant Secretary 
of Defense (Command, Control, Communications, and Intelligence) concurred, 
stating that the National Security Agency is partially subsidizing the current cost 
of the microchip to cover nonrecurring development and manufacturing startup 
costs and that the partial subsidy is being phased out as microchip development 
is completed and per microchip cost is reduced. Additionally, when the 
microchip development is complete, Tessera (now Fortezza) card vendors will 
purchase the microchip directly from multiple sources and end the need to 
impose controls to ensure cost recovery because all card and chip costs will be 
borne by the purchasers. 
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Appendix A. DMS Writer-to-Reader Messaging 

Service 


Origin of DMS. In 1988, the Assistant Secretary of Defense (Command, 
Control, Communications, and Intelligence) initiated the DMS program to 
establish the future of DoD electronic messaging. On February 6, 1989, the 
Joint Chiefs of Staff validated the DMS Multicommand Required Operational 
Capability. The DMS Panel, chaired by the Assistant Secretary with 
representatives from the Military Departments and Defense agencies, provides 
overall direction on the program. The Assistant Secretary established the 
Program Management Office within the Defense Information Systems Agency 
(DISA). In March 1994, the Assistant Secretary designated the DMS a major 
automated information system subject to review by the Major Automated 
Information Systems Review Council. 

DMS Uses Common Protocol Standards. Federal Information Processing 
Standards Publication 146, "Government Open Systems Interconnection 
Profile," states that Federal Agencies acquiring computer network products and 
services are required to use a common set of data communication protocols. 
The protocols must allow systems developed by different vendors to interoperate 
and enable the users of different applications on the systems to exchange 
information. DMS complies with the Government Open Systems 

Interconnection Profile requirement by using the international standards and 
protocols of the X.400 message handling system and X.500 directory service. 

Transition to a Mature System. The transition to DMS will occur in 
three phases. 

o Phase 1 - Begins organizational messaging transition with a phaseout 
of base-level telecommunications centers and the migration of electronic mail to 
X.400 standard and protocol. 

o Phase 2 - Initial operational capability for X.400 and X.500 individual 
and organizational messaging with Secure Data Network System Message 
Security protocol protection. 

o Phase 3 - Begins when the last AUTODIN Switching Centers are 
closed out. DMS will be fully developed as an integrated individual and 
organizational messaging service. 

A depiction of the DMS Writer-to-Reader Messaging Service follows. 
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Appendix A. DMS Writer-to-Reader Messaging Service 
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DISN - Defense Information Systems Network 
MTA - Message Transfer Agent 









Appendix B. Life-Cycle Management of 

Automated Information Systems 


Automated Information Systems 


What is an Automated Information System? An automated information 
system (AIS) is composed of computer hardware and software, data, and 
telecommunications that perform functions such as collecting, processing, 
transmitting, and displaying information. Mission-critical computer resources, 
including both hardware and software, that are physically part of, dedicated to, 
or essential to a weapon system's mission performance are excluded from this 
definition. 

Major Automated Information Systems. Computed in FY 1990 dollars, a 
major AIS is a program that has: 

o anticipated total program costs of more than $100 million, 

o estimated program costs of more than $25 million in any single 
year, or 

o estimated life-cycle costs of more than $300 million, or 
has been designated a major AIS by the milestone decision authority. 


Life-Cycle Management Review of Major AISs 


Responsibility for Reviewing Major AISs. The Assistant Secretary of 
Defense (Command, Control, Communications, and Intelligence) is responsible 
for reviewing each major AIS program designated for Major Automated 
Information System Review Council (MAISRC) oversight. Responsibilities of 
the Assistant Secretary of Defense (Command, Control, Communications, and 
Intelligence) include: 

o serving as the milestone decision authority; 

o serving as or designating the MAISRC Chair, who ensures that the 
MAISRC members review each major AIS and provide recommendations to the 
milestone decision authority; and 

o signing the System Decision Memorandum, which documents 
MAISRC decisions and is distributed to the DoD Components. 
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Appendix B. Life-Cycle Management of Automated Information Systems 


MAISRC Milestone Reviews. During its life cycle, a program may go through 
five milestones and their associated phases. A milestone is a decision point, 
separating the phases of the AIS life cycle, at which the AIS status is assessed to 
determine progression to the next phase. The five milestones follow. 

o Milestone 0 - determines validity of the mission need and authorizes 
the concept exploration and definition phase. 

o Milestone I - selects the best program concept and authorizes the 
demonstration and validation phase. 

o Milestone II - authorizes program management to initiate and expend 
resources for the activities of the development phase. 

o Milestone III - determines system production and the deployment 
decision. 

o Milestone IV - assesses system effectiveness during the operations and 
support phase. A decision may be made to continue, modernize, or terminate 
the AIS. 


21 


Appendix C. Allegations and Audit Results 


The complaint to the Defense Hotline consisted of 3 major allegations and 
17 suballegations, which are discussed with the audit results below. 

1. Allegation. The cost of DMS has been understated. 

Audit Result. The allegation had merit in that life-cycle cost estimates did not 
include $190 million for Government-furnished microchips. The inclusion of 
the cost of Government-furnished equipment in program costs is discussed in 
Part II. 


a. The estimated cost of the DMS infrastructure does not include 
hardware, software, or transport elements on end-user devices. 

Audit Result. The suballegation had merit in that cost estimates did not 
include $190 million for Govemment-fumished microchips. However, the 
life-cycle cost estimate in the DMS Business Plan contains estimated costs for 
end-user hardware and software. The cost of Govemment-fumished microchips 
is discussed in Part II. 

b. The estimated cost of the DMS infrastructure does not include 
costs associated with migration phases such as the cost to upgrade the 
Phase I infrastructure elements to migrate from unclassified but sensitive 
messages to messages classified secret and above. 

Audit Result. The suballegation had no merit. The DMS program 
manager stated that computer terminals to support messages classified secret and 
above will have to contain a high-end 486 microprocessor (16 megabyte random 
access memory, 300 megabyte hard drive). However, the program manager 
also stated that user terminals should not have to be upgraded solely to support 
DMS classified messaging requirements because, by FY 1997, he believed that 
the common computer will be as powerful as the 486 microprocessor. 

c. The estimated cost of the DMS infrastructure does not include 
the cost to make commercial off-the-shelf software compliant with the 
requirements of a multilevel secure environment. 

Audit Result. The suballegation had no merit because commercial 
off-the-shelf software will not have to be made compliant with a multilevel 
secure environment. Multilevel security for the DMS will be provided by 
adding hardware, developed by the National Security Agency, that allows for 
commercial off-the-shelf software to reside in a multilevel secure environment 
for the DMS end-user's computer system. 

d. The estimated cost of the DMS infrastructure does not include 
the cost of the contractor guarantee to provide lifetime upgrades to DMS 
software. 
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Appendix C. Allegations and Audit Results 


Audit Result. The suballegation had no merit. The RFP does not 
require a lifetime guarantee to upgrade DMS software. 

e. The primary objectives of saving money and staffing will not be 
realized because replacement of the Automatic Digital Network 
(AUTODIN) is the only quantifiable savings possible. 

Audit Result. The suballegation had no merit. The DMS Program 
Office has identified significant potential monetary benefits from terminating the 
AUTODIN system and implementing DMS. 

f. The primary objectives of saving money and staffing will not be 
realized because the Defense Information Systems Agency has no schedule 
to replace AUTODIN Switching Centers and to eliminate 
Telecommunication Centers. 

Audit Result. The suballegation had no merit. DISA has announced a 
schedule to phase out AUTODIN Switching Centers and Telecommunications 
Centers by the end of FY 2000. 

g. The cost difference between AUTODIN services, commercial off- 
the-shelf electronic mail, and nonstandard, secure electronic mail operated 
in accordance with Allied Communications Pamphlet 123 has not been 
taken into account in cost considerations. 

Audit Result. The suballegation had merit. The DMS program 
manager had not developed accurate estimates for the cost of the status quo 
system—the AUTODIN and standard electronic mail. The DMS Program 
Office is developing a cost analysis to include more accurate data on the 
AUTODIN and standard electronic mail. 

2. Allegation. The required multilevel security environment is not defined. 

Audit Result. The allegation had no merit. The National Security Agency is 
developing the multilevel security devices required to support the DMS. 

a. The cards to process unclassified communications are prototype. 

Audit Result. The suballegation had no merit. The National Security 
Agency has awarded a production contract for the Tessera cryptographic cards. 
The first delivery was in December 1994. 

b. The cards and system methodology required to process secure 
communications are still in development, and the method that will be used 
to match user identification on each Tessera card to the X.500 directory has 
not been fully developed. Directories and Tessera cards must be 
synchronized. 

Audit Result. The suballegation had no merit. DMS uses standard 
X.500 directory protocols. No modifications are necessary for Tessera cards to 
use those protocols. 
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Appendix C. Allegations and Audit Results 


c. The cost to develop, maintain, and audit the X.500 directory has 
not been considered. The Tessera card will require approximately 
2,000 bits per user or 500 megabytes for a projected population of 
2 million users. 

Audit Result. The suballegation had no merit. The X.500 protocol 
standard is designed to support public key encryption schemes. No special 
development will be required to support the Tessera cards. The cost of 
commercial off-the-shelf directory maintenance is included in the DMS Program 
plan. Security audits of commercial off-the-shelf products, such as the 
X.500 directory, will not be necessary because the devices developed by the 
National Security Agency will allow commercial off-the-shelf products to reside 
in a multilevel secure environment. 

Also, the allegation that a directory (an index of users and user information) 
must be sized to handle 500 megabytes of Tessera data to support 2 million 
users had no merit. When the DMS is a mature system in the year 2000, 
directory service will be provided by 640 directories. 

d. There will be significant costs to process message preparation 
and processing inquiries into a 500 megabyte directory. 

Audit Result. The suballegation had no merit. DMS users will pay a 
service charge for DMS infrastructure services that will include directory 
service costs. 

3. Allegation. The DMS RFP does not refer to future requirements. 

Audit Result. The allegation had no merit. The RFP refers to both current 
and future requirements. 

a. DMS does not incorporate known programs such as Soldier of 
the 21st Century. 

Audit Result. The suballegation had no merit. Users are responsible 
for ensuring that unique architectural plans are considered in DMS planning. 
The DMS Implementation Group has established a Joint Projects Working 
Group to coordinate user requirements. 

b. DMS ignores the Government-wide electronic mail initiative at 
the Department of Health and Human Services. 

Audit Result. The suballegation had no merit. The final report of the 
Government-wide electronic mail task force, states that Federal business grade 
messaging should be built in accordance with DMS requirements. Additionally, 
the Government-wide electronic mail task force used the DMS operational 
messaging characteristics for the business grade messaging requirement. 


^Method to prevent unauthorized access on a system that is accessible to many 
users. 
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Appendix C. Allegations and Audit Results 


c. The RFP states that 2 million people will use the DMS, but no 
users list has been developed. 

Audit Result. The suballegation had no merit. The Defense 
Information Systems Agency conducted surveys as a basis for its estimate of 
2 million users. 

d. Mobilization and wartime requirements are not addressed. 

Audit Result. The suballegation had no merit. The DMS 
Multicommand Required Operational Capability specifies requirements for both 
wartime and peacetime environments. 

e. DMS does not account for theater system override needs 
expressed in global command and control system requirements. 

Audit Result. The suballegation had no merit. The global command 
and control system program manager and the DMS program manager report to 
the DISA Deputy Director for Command, Control, Communications, 
Computers, and Intelligence Programs. DISA has established a joint project 
with the Military Departments to ensure that the global command and control 
system implements DMS-compatible automated message handling capabilities. 

f. DMS control functions are not required to work in conjunction 
with the control functions of the Defense Information System, Defense 
Information Systems Network, and National Information Infrastructure. 

Audit Result. The suballegation had no merit. DMS system control 
will be fully integrated with the DISA Integrated Control Center and the 
Post-Federal Telecommunications Service 2000 system control functions. DISA 
tasked a joint Army, Air Force, and Navy DMS Service Management Action 
Team to ensure that DMS control is collocated and fully integrated with global 
and regional integrated control center activities. 

g. Secure system audit capabilities to account for the integration of 
DMS and commercial off-the-shelf applications on the same user platform 
are not included in the RFP. 

Audit Result. The suballegation had no merit. The DMS security 
system developed by the National Security Agency does not require an audit 
capability for integration of commercial off-the-shelf applications on user 
platforms. 


h. DMS end-user workstation configurations are not articulated in 
sufficient detail to permit accurate budget decisions at any given point in 
the program development. 

Audit Result. The suballegation had no merit. The DMS Program 
Office has provided all unique system requirements to the DMS users. In 
addition, the Program Office does not anticipate upgrades of workstations solely 
for DMS implementation. 
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i. The contractor can deliver DMS products under Phase I of the 
contract which, for reasons of security, will not be compatible with DMS 
standards and protocols under Phase II of DMS. Delivery of DMS Phase II 
and beyond is at risk for the Government. 

Audit Result. The suballegation had no merit. The ability of the DMS 
Program to move from Phase I to Phase II, unclassified to classified, hinges 
primarily on the ability of the National Security Agency to deliver security 
protection products being developed under the Multilevel Information Systems 
Security Initiative Program. When available, the DMS-Govemment Open 
Systems Interconnection Profile contractor will be tasked to integrate products 
for the Multilevel Information Systems Security Initiative Program into the 
commercial off-the-shelf products. 
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Appendix D. DMS Cost Documentation 


DMS Cost 
Document 


Available at 
In-Process Review 1 


Available at 
Milestone III 2 


Cost Analysis Requirements 
Document 

Life-Cycle Cost Estimate 
Independent Cost Estimate 
Functional Economic Analysis 


Draft Version 
Draft Version 
Interim Version 
Final Version 


Final Version 
Final Version 
Draft/Final Version 
Final Version 


^n-process review was initially scheduled for October 1994. Review was held 
on December 8, 1994. 

2 Milestone III scheduled for September 1995. 
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Appendix E. Summary of Potential Benefits 

Resulting from Audit 


Recommendation 

Reference Description of Benefit 


Amount and/or 
Type of Benefit 


l.a. 


l.b. 


2 . 


3. 


4. 


Economy and Efficiency. Program 
funds will be spent in a cost- 
effective manner. 

Internal Controls and Program 
Results. Program documentation 
will be adequate, program costs will 
be complete and accurate, and exit 
criteria will be established. 

Economy and Efficiency. Funds 
will be spent effectively through 
review and approval of all key DMS 
program issues. 


Nonmonetary. 


Nonmonetary. 


Undeterminable. 
Amount of funds put 
to better use will 
depend on outcome of 
Recommendation l.b. 


Economy and Efficiency. Funds 
will be spent effectively through 
valid cost and cost-benefit analyses. 

Economy and Efficiency. DoD will 
recover full cost of DMS equipment 
purchased by non-DoD agencies. 


Nonmonetary. 


Funds of $684,000 
put to better use. 
Appropriation: 
97X/X0400.4500 
Program Elements: 
0303 HOG and 
0301011G, National 
Security Agency. 
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Appendix F. Organizations Visited or Contacted 


Office of the Secretary of Defense 

Under Secretary of Defense for Acquisition and Technology, Washington, DC 
Under Secretary of Defense (Comptroller) 

Director, Program Analysis and Evaluation, Washington, DC 
Assistant Secretary of Defense (Command, Control, Communications, and 
Intelligence), Washington, DC 


Other Defense Organizations 

Defense Information Systems Agency, Arlington, VA 
National Security Agency, Fort Meade, MD 
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Office of the Secretary of Defense 

Under Secretary of Defense for Acquisition and Technology 
Director for Test, Systems Engineering and Evaluation 
Under Secretary of Defense (Comptroller) 

Director, Program Analysis and Evaluation 

Assistant Secretary of Defense (Command, Control, Communications, and Intelligence) 

Director, Operational Test and Evaluation 

Deputy Under Secretary of Defense (Acquisition Reform) 

Assistant to the Secretary of Defense (Public Affairs) 

Director, Joint Staff 


Department of the Army 

Secretary of the Army 

Auditor General, Department of the Army 


Department of the Navy 

Secretary of the Navy 

Assistant Secretary of the Navy (Financial Management) 
Auditor General, Department of the Navy 


Department of the Air Force 

Secretary of the Air Force 

Assistant Secretary of the Air Force (Financial Management and Comptroller) 
Auditor General, Department of the Air Force 


Defense Organizations 

Director, Defense Contract Audit Agency 
Director, Defense Information Systems Agency 
Director, Defense Logistics Agency 
Director, National Security Agency 
Inspector General, Central Imagery Office 
Inspector General, Defense Intelligence Agency 
Inspector General, National Security Agency 
Director, Defense Logistics Studies Information Exchange 
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Non-Defense Federal Organizations 

Office of Management and Budget 

Technical Information Center, National Security and International Affairs Division, 
General Accounting Office 

Chairman and Ranking Minority Member of Each of the Following Congressional 
Committees and Subcommittees: 

Senate Committee on Appropriations 

Senate Subcommittee on Defense, Committee on Appropriations 
Senate Committee on Armed Services 
Senate Committee on Governmental Affairs 
House Committee on Appropriations 

House Subcommittee on National Security, Committee on Appropriations 
House Committee on Government Reform and Oversight 
House Subcommittee on National Security, International Affairs, and Criminal 
Justice, Committee on Government Reform and Oversight 
House Committee on National Security 
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This page was left out of orignial document 




Part IV - Management Comments 




Under Secretary of Defense (Comptroller) 
Comments 


Final Report 





* Acquisition-Related data removed. 
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Assistant Secretary of Defense (Command, 
Control, Communications, and Intelligence) 
Comments 



* Acquisition-Related data removed. 
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